How do I set up an alarm for port flooding


I am trying to create an alarm for when a port is flooded with traffic. I know how to create an alarm, but cant find the "trigger" action I am looking for. What I am wanting is if a port on a switch is flooding our network, I want to receive an email and shut that ort down until I can discover the issue. How do I do that?

Netsight Console 6.2.0.211

3 replies

Userlevel 7
Hi Cheston,

If you are using EXOS switches, you can configure rate limits for flooded traffic, as shown in this GTAC Knowledge article. When one of these rate limits is exceeded, the switch will generate a log message, which should be seen by Netsight.

-Brandon
I am using Enterasys B5G124-48P2 switches. I have a couple B5 24 ports, but everything aside from my core is a B5. I will look at your solution, is there a particular threshold I should set for traffic?

Cheston
Unfortunately the EOS access switches seem to lack basic features when it comes to flood condition mitigation. No mulitcast limiter no unknown unicast detection/limiting and even the broadcast suppressor lacks informational features like "peak broadcast per second".

You can work around some of that with qos policy rules, but let's be honest: There's much room for improvement regarding these features. Looking at the GTAC Article mentioned above EXOS is much more advanced in this regard.

My own workaround was to uplink all of our bigger broadcast domains to a Linux Server, where I continuously do a tcpdump and run a scripted check for flood conditions that alerts via mail.

Reply